CS 251 Fall 2019 CS 240 Principles of Programming Languages - PowerPoint PPT Presentation

λ CS 251 Fall 2019 CS 240 Principles of Programming Languages Foundations of Computer Systems Ben Wood x86 Control Flow ( Part A , Part B) Condition codes, comparisons, and tests [Un]Conditional jumps and conditional moves Translating if-else , loops, and switch statements https://cs.wellesley.edu/~cs240/ x86 Control Flow 1

Conditionals and Control Flow Two key pieces 1. Comparisons and tests: check conditions 2. Transfer control: choose next instruction Processor Control-Flow State Familiar C constructs Condition codes (a.k.a. flags ) if else l 1-bit registers hold flags set by last ALU operation while l ZF Zero Flag result == 0 do while l for l Sign Flag result < 0 SF break l Carry Flag carry-out/unsigned overflow CF continue l Overflow Flag two's complement overflow OF Instruction pointer %rip (a.k.a. program counter ) register holds address of next instruction to execute x86 Control Flow 2

1. Compare and test: conditions cmpq b,a computes a - b, sets flags, discards result Which flags indicate that a < b ? (signed? unsigned?) testq b,a computes a & b , sets flags, discards result Common pattern: testq %rax, %rax What do ZF and SF indicate? x86 Control Flow 3

(Aside) Saving conditions as Boolean values set g : set if greater long gt(int x, int y) { return x > y; stores byte: 0x01 if ~(SF^OF)&~ZF } 0x00 otherwise gt: cmpq %rsi,%rdi # compare: x – y setg %al # al = x > y movzbq %al,%rax # zero rest of %rax retq Z ero-extend from B yte (8 bits) to Q uadword (64 bits) %rax %eax %ah %al set__ comes in same flavors as j__ (next slide) x86 Control Flow 4

2. Jump: choose next instruction Jump/branch to different part of code by setting %rip . Condition Description j__ Unconditional Unconditional jmp 1 jump Equal / Zero je ZF Not Equal / Not Zero jne ~ZF Negative js SF Nonnegative jns ~SF Greater (Signed) jg ~(SF^OF)&~ZF Conditional jumps Greater or Equal (Signed) jge ~(SF^OF) Less (Signed) jl (SF^OF) Less or Equal (Signed) jle (SF^OF)|ZF Above (unsigned) ja ~CF&~ZF Below (unsigned) jb CF x86 Control Flow 5

Jump for control flow Jump immediately follows comparison/test. Together, they make a decision: " if %rcx == %rax then jump to label ." cmpq %rax,%rcx je label … Executed only if … %rax ≠ %rcx … addq %rdx,%rax label: Label Name for address of following item. x86 Control Flow 6

Conditional branch example long absdiff(long x,long y) { long result; if (x > y) { result = x-y; } else { absdiff: result = y-x; cmpq %rsi, %rdi } jle .L7 return result; subq %rsi, %rdi } movq %rdi, %rax .L8: retq Labels .L7: Name for address of subq %rdi, %rsi movq %rsi, %rax following item. jmp .L8 How did the compiler create this? x86 Control Flow 7

Introduced by Fran Allen, et al. Control-Flow Graph Won the 2006 Turing Award for her work on compilers. Code flowchart/directed graph. long absdiff(long x, long y){ Nodes = Basic Blocks : long result; Straight-line code always if (x > y) { executed together in order. result = x-y; } else { result = y-x; } long result; return result; if (x > y) else } else then Edges = Control Flow : result = y-x; result = x-y; Which basic block executes next (under what condition). return result; x86 Control Flow 8

Choose a linear order of basic blocks. long result; long result; if (x > y) else if (!(x > y)) then else else then result = x-y; result = y-x; result = y-x; result = x-y; return result; return result; x86 Control Flow 9

Choose a linear order of basic blocks. long result; if (!(x > y)) result = x-y; return result; result = y-x; Why might the compiler choose this basic block order instead of another valid order? x86 Control Flow 10

Translate basic blocks with jumps + labels long result; if (!(x > y)) cmpq %rsi, %rdi jle Else result = x-y; subq %rsi, %rdi movq %rdi, %rax return result; End: retq Else: result = y-x; subq %rdi, %rsi movq %rsi, %rax jmp End Why might the compiler choose this basic block order instead of another valid order? x86 Control Flow 11

ex Execute absdiff Registers cmpq %rsi, %rdi %rax jle Else %rdi 5 subq %rsi, %rdi movq %rdi, %rax %rsi 3 End: retq Else: subq %rdi, %rsi movq %rsi, %rax jmp End x86 Control Flow 12

ex Execute absdiff Registers cmpq %rsi, %rdi %rax jle Else %rdi 4 subq %rsi, %rdi movq %rdi, %rax %rsi 7 End: retq Else: subq %rdi, %rsi movq %rsi, %rax jmp End x86 Control Flow 15

Note: CSAPP shows translation with goto long absdiff(long x,long y){ long goto_ad(long x,long y){ int result; int result; if (x > y) { if (x <= y) goto Else; result = x-y; result = x-y; } else { End: result = y-x; return result; } Else: return result; result = y-x; } goto End; } x86 Control Flow 18

Note: CSAPP shows translation with goto absdiff: long goto_ad(long x, long y){ long result; cmpq %rsi, %rdi if (x <= y) goto Else; jle Else result = x-y; End: subq %rsi, %rdi movq %rdi, %rax return result; Else: End: result = y-x; retq goto End; } Else: subq %rdi, %rsi movq %rsi, %rax jmp End Close to assembly code. x86 Control Flow 19

But never use goto in your source code! http://xkcd.com/292/ x86 Control Flow 20

ex Compile if-else long wacky(long x, long y){ wacky: long result; if (x + y > 7) { result = x; } else { result = y + 2; } return result; } Assume x is available in %rdi , y is available in %rsi . Place result in %rax for return. x86 Control Flow 21

ex Compile if-else (solution #1) long wacky(long x, long y){ wacky: long result; movq %rdi, %rdx if (x + y > 7) { addq %rsi, %rdx result = x; cmpq $7, %rdx } else { jle Else result = y + 2; } movq %rdi, %rax return result; } End: retq Assume x is available in %rdi , y is available in %rsi . Else: addq $2, %rsi Place result in %rax for return. movq %rsi, %rax jmp End x86 Control Flow 22

ex Compile if-else (solution #2) long wacky(long x, long y){ wacky: long result; leaq (%rdi, %rsi), %rdx if (x + y > 7) { cmpq $7, %rdx result = x; jle Else } else { result = y + 2; movq %rdi, %rax } return result; End: } retq Assume x is available in %rdi , Else: y is available in %rsi . leaq 2(%rsi), %rax jmp End Place result in %rax for return. x86 Control Flow 23

Encoding jumps: PC-relative addressing 0x100 cmpq %rax, %rbx 0x1000 0x102 je 0x70 0x1002 0x104 … 0x1004 … … … 0x174 addq %rax, %rbx 0x1074 PC-relative offsets support relocatable code. Absolute branches do not (or it's hard). x86 Control Flow 24

λ CS 251 Fall 2019 CS 240 Principles of Programming Languages Foundations of Computer Systems Ben Wood x86 Control Flow (Part A, Part B ) Condition codes, comparisons, and tests [Un]Conditional jumps and conditional moves Translating if-else, loops, and switch statements https://cs.wellesley.edu/~cs240/ x86 Control Flow 25

do while loop long result = 1; long fact_do(long x) { long result = 1; result = result*x; do { x = x - 1; result = result * x; x = x - 1; } while (x > 1); (x > 1) ? return result; Yes } No return result; x86 Control Flow 26

do while loop Register Variable fact_do: %rdi movq $1,%rax long result = 1; %rax .L11: imulq %rdi,%rax result = result*x; decq %rdi x = x - 1; cmpq $1,%rdi (x > 1) ? Yes No jg .L11 retq return result; Why put the loop condition at the end? x86 Control Flow 27

while loop long fact_while(long x){ long result = 1; long result = 1; while (x > 1) { result = result * x; x = x - 1; } result = result*x; return result; x = x - 1; } long result = 1; (x > 1) ? Yes No (x > 1) ? Yes No return result; result = result*x; x = x - 1; This order is used by GCC for x86-64. Why? return result; x86 Control Flow 28

while loop long fact_while(long x){ long result = 1; while (x > 1) { result = result * x; x = x - 1; } return result; } fact_while: movq $1, %rax int result = 1; jmp .L34 .L35: result = result * x; imulq %rdi, %rax x = x - 1; decq %rdi .L34: (x > 1) ? cmpq $1, %rdi Yes jg .L35 No return result; retq x86 Control Flow 29

for loop translation for ( Initialize ; Test ; Update ) { Body } for (result = 1; p != 0; p = p>>1) { if (p & 0x1) { result = result * x; Initialize ; } while ( Test ) { x = x * x; Body ; } Update ; } result = 1; Initialize if (p & 0x1) { result = result*x; } Body x = x * x; Update p = p >> 1; Test ? Yes No (p != 0) ? Yes No x86 Control Flow 30

optional for loop: square-and-multiply /* Compute x raised to nonnegative power p */ int power(int x, unsigned int p) { int result; for (result = 1; p != 0; p = p>>1) { if (p & 0x1) { result = result * x; } x m * x n = x m+n x = x*x; } 0 ... 0 1 0 1 1 = 11 return result; 1 2^31 * ... * 1 16 * x 8 * 1 4 * x 2 * x 1 = x 11 } 1 = x 0 x = x 1 Algorithm Exploit bit representation: p = p 0 + 2 p 1 + 2 2 p 2 + … 2 n –1 p n –1 Gives: x p = z 0 · z 1 2 · ( z 2 2 ) 2 · … · (…(( z n –12 ) 2 )…) 2 Example z i = 1 when p i = 0 = 3 1 * 3 2 * 3 8 3 11 n–1 times z i = x when p i = 1 = 3 1 * 3 2 * ((3 2 ) 2 ) 2 Complexity O(log p ) = O(sizeof( p )) x86 Control Flow 31